If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Welcome to the Sarbanes-Oxley Forum. This interactive community portal is designed to facilitate the exchange of information between those seeking to comply with the requirements of this important legislation. It is also intended to act as a guide, offering useful resources and tips.

The forum comprises a number of useful areas, including an FAQ, a fully functional online forum, and a news section to which interested parties can submit their own experiences. These can be selected from the panel on the left. Registration to the portal is easy and free, and visitors are strongly encouraged to participate in this project.

Finally, please feel free to submit your feedback, recommendations, articles or any other useful information.... and of course... don't forget to vote in our current survey!

128 bit will be just fine as long as tests proove that you are using it and that your company's board will sign of that they understand that you use it and as far as they are aware (and your auditors) it is working as you describe. Your auditors will undoubtedly want to pass comment, but 128 bit should be fine.

SOX (to the best of my knowledge) does not set out specifc technical standards, its basically designed to ensure that Directors sign of (and therefore accept accountability) that controls are in place.

For specific criteria you would be better of looking at FDIC, BS7799 etc requirments.